keycloak_quarkus
Install keycloak >= 20.0.0 (quarkus) server configurations.
Role Defaults
Installation options
| Variable | Description | Default |
|---|---|---|
| | keycloak.org package version | |
Service configuration
| Variable | Description | Default |
|---|---|---|
| | Enable auto configuration for database backend, clustering and remote caches on infinispan | |
| | Discovery protocol for HA cluster members | |
| | Enable auto configuration for database backend | |
| | Administration console user account | |
| | Address for binding service ports | |
| | Hostname for the Keycloak server | |
| | The port used by the proxy when exposing the hostname | |
| | This should be set if proxy uses a different context-path for Keycloak | |
| | HTTP listening port | |
| | TLS HTTP listening port | |
| | AJP port | |
| | jgroups cluster tcp port | |
| | Posix account username | |
| | Posix account group | |
| | systemd restart always behavior activation | |
| | systemd restart on-failure behavior activation | |
| | systemd RestartSec | |
| | Pid file path for service | |
| | RHEL java package runtime | |
| | JAVA_HOME of installed JRE; leave empty to use the path of the specified keycloak_quarkus_jvm_package RPM | |
| | Heap memory JVM setting | |
| | Other JVM settings | same as keycloak |
| | JVM arguments; if overridden, it takes precedence over | |
| | Set the base URL for frontend URLs, including scheme, host, port and path | |
| | Set the base URL for accessing the administration console, including scheme, host, port and path | |
| | Set the path relative to / for serving resources. The path must start with a / | |
| | Enable listener on HTTP port | |
| | Enable listener on HTTPS port | |
| | The file path to a private key in PEM format | |
| | The file path to a server certificate or certificate chain in PEM format | |
| | Enable configuration of HTTPS via a key store | |
| | Deprecated, use | |
| | Deprecated, use | |
| | The file path to the key store | |
| | Password for the key store | |
| | Enable configuration of the https trust store | |
| | The file path to the trust store | |
| | Password for the trust store | |
| | Parse reverse proxy headers ( | |
| | Path to the configuration key store; only used if | |
| | Password of the configuration key store; if non-empty, | |
Hostname configuration
| Variable | Description | Default |
|---|---|---|
| | Set the path relative to / for serving resources. The path must start with a / | |
| | Disables dynamically resolving the hostname from request headers | |
| | By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled. | |
Database configuration
| Variable | Description | Default |
|---|---|---|
| | Database engine [mariadb,postgres,mssql] | |
| | User for database connection | |
| | Password for database connection | |
| | JDBC URL for connecting to database | |
| | Version for JDBC driver | |
Remote caches configuration
| Variable | Description | Default |
|---|---|---|
| | Username for connecting to infinispan | |
| | Password for connecting to infinispan | |
| | Host name/port for connecting to infinispan, e.g. host1:11222;host2:11222 | |
| | Infinispan auth mechanism | |
| | Whether infinispan uses TLS connection | |
| | Path to infinispan server trust certificate | |
| | Password for infinispan certificate keystore | |
Install options
| Variable | Description | Default |
|---|---|---|
| | Perform an offline install | |
| | keycloak.org package version | |
| | Installation root path | |
| | Download URL for keycloak | |
| | Ensure firewalld is running and configure keycloak ports | |
Miscellaneous configuration
| Variable | Description | Default |
|---|---|---|
| | Whether to enable metrics | |
| | If the server should expose health check endpoints | |
| | keycloak install archive filename | |
| | Installation path | |
| | Installation work directory | |
| | Path for configuration | |
| | Name for rest authentication realm | |
| | Authentication client for configuration REST calls | |
| | Remove pre-existing versions of service | |
| | URL for configuration rest calls | |
| | Enable one or more log handlers in a comma-separated list | |
| | The log level of the root category or a comma-separated list of individual categories and their levels | |
| | Set the log file path and filename relative to keycloak home | |
| | Set a format specific to file log entries | |
| | Set the destination of the keycloak log folder link | |
| | Set the maximum log file size before a log rotation happens; a size configuration option recognises strings in this format (shown as a regular expression): | |
| | Set the maximum number of archived log files to keep | |
| | Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix; Note: If the suffix ends with | |
| | The proxy address forwarding mode if the server is behind a reverse proxy | |
| | Whether to start the service in development mode (start-dev) | |
| | Whether to use XA transactions | |
| | If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy | |
Vault SPI
| Variable | Description | Default |
|---|---|---|
| | Whether to enable the vault SPI | |
| | The keystore path for the vault SPI | |
| | Type of the keystore used for the vault SPI | |
Role Variables
| Variable | Description | Required |
|---|---|---|
| | Password of console admin account | |
| | Base URL for frontend URLs, including scheme, host, port and path | |
| | Base URL for accessing the administration console, including scheme, host, port and path | |
| | The password for accessing the keystore vault SPI | |
Role custom facts
The role uses the following custom facts found in /etc/ansible/facts.d/keycloak.fact (and thus identified by the ansible_local.keycloak. prefix):
| Variable | Description |
|---|---|
| | A custom fact indicating whether this role has been used for bootstrapping keycloak on the respective host before; set to |
License
Apache License 2.0